cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


508
Views
0
Helpful
3
Replies
Beginner

Cisco ASA5510

I have  cisco ASA5510 firewall  using in my network but  unable to bolck Url's  unwanted.

can i block the https://facebook.com  on the asa by using regular exp.

Thanks,

Saroj

Everyone's tags (1)
3 REPLIES 3
Cisco Employee

Cisco ASA5510

VIP Mentor

Re: Cisco ASA5510

The ASA can not inspect HTTPS. You could deny name-resolution for facebook.com or use a proxy-server that can inspect HTTPS-traffic.

Highlighted
Cisco Employee

Re: Cisco ASA5510

Hi,

You can not block https as the "get-request' for the facebook.com will be encypted. However you can use ASA to block facebook based on your DNS request in case you dns request is passing through the ASA. ASA can inspect that DNS packet and based on regex you can deny that dns request.

In this way user will never be able to connect to facebook.com (3-way handshake).

but if you are using an internal DNS server, ASA won't be receiving the request if it is in same LAN segment.

Regards,

Dinkar

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here